Video

Fault-Tree Generation for Embedded Software Implementing Dual-Path Checking

2011-11-17
Given fast-changing market demands, the growing complexity of features, shorter time to market, and design/development constraints, the need for efficient and effective verification and validation methods is becoming critical for vehicle manufacturers and suppliers. One such method is fault-tree analysis. While fault-tree analysis is an important hazard analysis/verification activity, the current process of translating design details (e.g., at system level and software level) into fault trees is manual. Current experience indicates that fault-tree analysis involves both creative deductive thinking and more mechanical steps, which typically consist of instantiating gates and events in fault trees following fixed patterns. Specifically for software fault-tree analysis, a number of the development steps typically involve instantiating fixed patterns of gates and events based upon the structure of the code. In this work, we investigate a methodology to translate software programs into fault trees.
Video

Safety Critical Uses of Java

2012-03-21
The Java language is now the most popular programming language for the creation of new software capabilities. Its popularity has resulted in significant economies of scale, with Java adopted as the primary language of instruction in many university curricula, an abundance of reusable Java software components and Java software development tools available both from commercial suppliers and as open source technology, a large pool of competent Java developers from which to recruit staff, and a general willingness by senior software engineers to invest the effort required to learn this new programming language and technology. This talk describes the special approaches recommended for the use of Java in safety-critical deployments. The talk surveys the current state of the draft JSR-302 Safety Critical Java Specification and describes related experiences with commercially available technologies based on the constraints of early JSR-302 design discussions.
Video

Certifiable MultiCore Systems used in Safety Critical System

2012-03-21
All semiconductor vendors have multi-core CPUs in their portfolios and are adding new devices every day. This is the only way to keep growing performance and fulfilling Moore's law. Multi-core offers a wide variety of possibilities to reduce hardware complexity, reduce power consumption, shrink board space, and expand functionality and performance. On the other hand, software complexity goes up, and this directly affects the ability to achieve a certified system. The main trend today and in the future is the rising number of cores in a single chip and the increasing functionality of the software. As this trend does not stop at safety-critical systems, system/solution architects have to ask themselves how to guarantee data integrity, robustness and robust partitioning, and how to avoid multiple points of failure and race conditions. This presentation will highlight ideas, do's and don'ts for those who will design a safety-critical multi-core system today or in the near future.
Video

ARAMiS - Taming Multicores for Safe Transportation

2012-05-17
Multicore processors have been well established in classical and tablet personal computers for some years. Such processors use more than one central core for computation and allow more computational power to be integrated at lower cost. However, more than 90% of all processors worldwide are not placed in classical IT but are embedded in larger systems such as modern vehicles or airplanes. Such systems face very high demands in terms of safety, security and reliability, which hinders the use of multicores in them. The funded project ARAMiS addresses these demands and has the goal of enabling the use of multicore systems in the automotive and avionics domains, and later also in railway. ARAMiS is the basis for higher traffic safety, traffic efficiency and comfort.
Video

Building Security In: The SPARK Approach to Software Development

2012-05-22
DSM will present various application solutions in High Performance Plastics enabling significant weight or friction reduction, and thus reduced fuel consumption and/or emission levels, and on top of that lower system costs. Typical Eco+ Solutions examples to be presented are:
- Friction Reduction: Nylon 46 in chain tensioners yielding up to 1 % fuel reduction
- Weight Reduction (metal-to-plastic conversion): Nylon 46 with long-term temperature resistance up to 230 C in turbo components, Nylon 6 in oil pans/sumps, PET in plastic precision parts, Nylon 46 in gears, many other examples
- Electrification: Nylon 46 in start/stop and e-motor components, TPC in HV cables
- System Cost Optimization: High Flow PA6 in various components, TPC in brake tubes
- Improved LCA: biobased materials such as PA410 and TPC-Eco
Typical application solutions concern: air induction systems, engine and transmission components, electrical systems, structural & safety parts.
Collection

Safety Critical Systems, 2014

2014-04-01
This technical paper collection is on system safety analysis and design of safety-critical systems employing electronic controls. Topics include: implementation of safety-relevant systems, fail-safe strategies, distributed fault tolerant systems and hazard analysis. Application areas include: automotive active safety and alternative energy systems as well as avionics and mission management. Finally, the session addresses application of new or revised safety standards such as ISO 26262 and DO-178C.
Collection

Safety-Critical Systems, 2015

2015-04-14
The focus of this collection is on system safety analysis and design of safety-critical systems employing electronic controls. Topics include: implementation of safety-relevant systems, fail-safe strategies, distributed fault tolerant systems and hazard analysis. Application areas include: automotive active safety and alternative energy systems as well as avionics and mission management.
Collection

Safety-Critical Systems, 2018

2018-04-03
The papers in this collection focus on system safety analysis and design of safety-critical systems employing electronic controls. Topics include: implementation of safety-relevant systems, fail-safe strategies, distributed fault tolerant systems and hazard analysis. Application areas include: automotive active safety and alternative energy systems as well as avionics and mission management.
Collection

Safety-Critical Systems, 2017

2017-03-28
The papers in this collection focus on system safety analysis and design of safety-critical systems employing electronic controls. Topics include: implementation of safety-relevant systems, fail-safe strategies, distributed fault tolerant systems and hazard analysis. Application areas include: automotive active safety and alternative energy systems as well as avionics and mission management.
Journal Article

Optimized Safety-Critical Embedded Display Development with OpenGL SC

2009-11-10
2009-01-3140
Historically, the majority of avionics display manufacturers have sought custom solutions to support the development of cockpit displays, head-up displays and other avionics on-board and ground displays, from specification through to target. This was, however, a decision borne out of necessity rather than choice, since the inherent wisdom of a 'commercial-off-the-shelf' (COTS) approach had been understood and demonstrated in parallel domains for some time. So, with this in mind, why was a more costly custom approach selected?
Journal Article

Time and Cost Reduction in Evaluation Processes for New Parameters in Manufacturing Processes

2009-11-10
2009-01-3197
Once qualified, manufacturing processes for safety-critical components in aero engines are "frozen", that is, no changes are permitted without a time-consuming and costly re-validation. Moreover, the material selection for components in modern aero engines, due to high mechanical and thermal loads in operation, is limited to a small range of superalloys. These difficult-to-machine titanium- and nickel-based alloys are on the one hand a significant expense factor themselves, and on the other hand cause considerable costs due to high tool wear. Thus, the intention is to carry out time- and resource-saving experiments and, ideally, to be able to transfer the available results to similar processes. Using smart experimental design that exploits the relationships between the physical measures involved, the testing effort can be reduced. This paper explains the method's mathematical background, how the selection of the regarded parameters is carried out, and how the number of system inputs is reduced.
Journal Article

Challenges in Validating Safety-Critical Embedded Systems

2009-11-10
2009-01-3284
Embedded software has played an increasing role in safety-critical systems. At the same time, the current development process of "build, then integrate" has proven unaffordable for the aerospace industry. This paper outlines challenges in safety-critical embedded systems in addressing system-level faults that are currently discovered late in the development life cycle. We then discuss an architecture-centric approach to model-based engineering, i.e., complementing the validation of systems with analysis of different operational quality aspects from an architecture model. A key technology in this approach is the Architecture Analysis & Design Language (AADL), an SAE International standard for embedded software systems. It supports analysis of operational qualities such as responsiveness, safety-criticality, security, and reliability through model annotations.
Journal Article

Timing Implications of Sharing Resources in Multicore Real-Time Automotive Systems

2010-04-12
2010-01-0454
Timing has already been recognized as a major challenge when designing safety-critical automotive architectures. Consequently, the availability of appropriate performance and timing analysis methods is key to building reliable automotive electric and electronic (E/E) and software architectures. Due to the potential performance increase, power reduction and cost-efficiency, multicore solutions for automotive real-time environments receive growing attention. But predicting the timing behavior of multicore electronic control unit (ECU) systems becomes more complicated. Even in setups with static task-to-processor mapping, the execution of the tasks is usually not independent. The use of the same physical hardware, such as memories, coprocessors, or network components, makes inter-core interference unavoidable and may introduce hard-to-find timing problems, including missed deadlines that can finally make the entire system fail.
Journal Article

FPGA-Based Development for Sophisticated Automotive Embedded Safety Critical System

2014-04-01
2014-01-0240
As software (SW) becomes an ever more important aspect of embedded system development, project schedules require software to be developed earlier and simultaneously with hardware (HW). In addition, verification has become an increasing challenge in the design of complex mixed-signal SoC products. This is exacerbated for automotive safety-critical SoC products with a high number of analogue interfaces (sensors and actuators) to physical components, such as an airbag SoC chipset. It is widely accepted that verification accounts for around 70% of total SoC development effort. Since integration of HW and SW is the most crucial step in embedded system development, the sooner it is done, the sooner verification can begin. As such, any approaches that allow verification and integration of HW/SW to be deployed earlier in the development process and help to decrease verification effort (e.g., by accelerating verification runs) are of extreme interest.
Journal Article

In-Vehicle Touchscreen Concepts Revisited: Approaches and Possibilities

2014-04-01
2014-01-0266
Recent years have seen an increasing number of innovations in the functionality of car electronics (e.g., advanced driver assistance systems (ADAS) and in-vehicle infotainment systems (IVIS)). These electronic systems are no longer reserved for premium cars, but also reach mid-size, compact, and subcompact cars. The growing number of functions in these cars entails an increasing number of interfaces, which may confuse, overload, or annoy the driver. Accompanying this, there is a trend towards the integration of capacitive touchscreens as user interfaces. These touchscreens were first implemented in consumer electronics and had a substantial impact on the way in which users interact with technology. This in turn has led to increased user-driven demand for the technology to be implemented in other domains, even in safety-critical ones like the automotive area.
Journal Article

A High Functional Safety Performance Level Machine Controller for a Medium Size Agricultural Tractor

2014-09-30
2014-01-2421
Functional safety requirements and solutions are more expensive for lower-cost machines that have less power but the same functionality as big machines. The paper will show a real Electronic Control Unit (ECU) design of a machine controller, controlling the engine working point, transmission, and other utilities such as PTO, 4WD, brakes and differential lock; the ECU was designed in accordance with ISO 25119 to meet AgPL = C, or even D for some functions. The unit is a fully redundant electronic control unit with two CAN networks and special safe-state-oriented mechanisms that allow Performance Level C with fewer software analysis requirements compared with traditional solutions. All safety-critical sensors are redundant and individually diagnosable, all command effects are directly observable, and most commands are directly diagnosable.
Journal Article

Functional Safety Compliant ECU Design for Electro-Mechanical Brake (EMB) System

2013-09-30
2013-01-2062
In this paper, we propose hardware and software design methods that consider functional safety for an electro-mechanical brake (EMB) control system, which is used as a brake actuator in a brake-by-wire (BBW) system. A BBW system is usually composed of electro-mechanical calipers, a pedal simulator, and a control system. This simple by-wire structure eliminates the majority of bulky hydraulic brake devices such as boosters and master cylinders. The other benefit of a BBW system is its direct and independent response; this leads to enhanced controllability, resulting not only in improved basic braking performance but also in considerably easier cooperative regenerative braking in hybrid, fuel-cell, and electric cars. The importance of a functional-safety-based approach to EMB electronic control unit (ECU) design has been emphasized because of its safety-critical functions, which are executed with the aid of many electric actuators, sensors, and application software.
Journal Article

Automated Decomposition and Allocation of Automotive Safety Integrity Levels Using Exact Solvers

2015-04-14
2015-01-0156
The number of software-intensive and complex electronic automotive systems is continuously increasing. Many of these systems are safety-critical and pose growing safety-related concerns. ISO 26262 is the automotive functional safety standard developed for the passenger car industry. It provides guidelines to reduce and control the risk associated with safety-critical systems that include electric and (programmable) electronic parts. The standard uses the concept of Automotive Safety Integrity Levels (ASILs) to decompose and allocate safety requirements of different stringencies to the elements of a system architecture in a top-down manner: ASILs are assigned to system-level hazards, and then they are iteratively decomposed and allocated to relevant subsystems and components. ASIL decomposition rules may give rise to multiple alternative allocations, leading to an optimization problem of finding the cost-optimal allocations.
Technical Paper

Automation Frame Work for Conformance Testing of Dual Wire High Speed CAN / CAN FD / LIN Physical Layer Requirements

2021-09-22
2021-26-0484
In the OSI model for communication, the physical layer is the lowest layer, closest to the communication lines. For automotive OEMs, physical layer conformance tests are mandatory. As the number of safety-critical features in the vehicle grows, ensuring signal fidelity is a major concern for reliable and real-time operation. CAN, CAN FD, LIN, MOST, FlexRay and Ethernet are a few of the in-vehicle communication protocols in the vehicle network. It is very important for a communicating ECU to comply with the protocol standards. Typical requirements per OEM specifications for the CAN physical layer include tests for termination resistance, bus voltage level, bit rate, recessive and dominant input thresholds, signal rise/fall time, slew rate, ground offset, sample point of a bit, CAN initialization time, fault-tolerant behavior, etc. During the product development life cycle of an ECU, physical layer conformance tests play an important role in verifying signal characteristics.